Secure mass storage device

ABSTRACT

A USB mass storage device includes a memory, USB interface and USB controller. A biometric circuit provides biometric authentication and a secure microcontroller is operatively connected to the biometric circuit and the USB controller and operative in accordance as a trusted platform and having a command set to access security functions and trust authentication of a user using the biometric circuit.

FIELD OF THE INVENTION

The present invention relates to the field of mass storage devices, and more particularly, this invention relates to USB mass storage devices.

BACKGROUND OF THE INVENTION

Since the late 1990's, the universal serial bus (USB) has become firmly established and has gained wide acceptance in the PC marketplace. The USB was developed in response to a need for a standard interface that extends the concept of “plug and play” to devices external to a PC. It has enabled users to install and remove external peripheral devices without opening the PC case or removing power from the PC. The USB provides a low-cost, high performance, half-duplex serial interface that is easy to use and readily expandable.

USB uses four wires. The power supply is carried with two wires (VBus and ground), and data is carried with the other two wires (D+, D−). The latest version of the USB is currently defined by the Universal Serial Bus Specification Revision 2.0, written and controlled by USB Implementers Forum, Inc., a non-profit corporation founded by the group of companies that developed the USB Specification. This specification is incorporated herein by reference in its entirety. The increasingly widespread use of the USB has led manufacturers to develop USB interfaces for connection of their products to host computers to complement the existing serial and parallel interfaces. These devices are becoming increasingly smaller, such as USB mass storage tokens.

One type of mass storage device is a USB flash drive that is typically a NAND-type flash memory integrated with a USB interface. It uses the USB mass storage standard for removable storage devices. In many examples of such devices, a small printed circuit board is encased in a plastic housing, allowing a standard type-A USB connection (or interface) to be connected directly to a port on a personal computer. The flash drives are active when powered by a USB computer connection and typically require no other external power source or source of battery power.

Usually the drives are run off a limited supply and are forwarded by a USB connection of about 5 volts and up to 500 milliamps. The flash drive typically includes the male type-A USB connector and a USB mass storage controller that implements a USB host controller to provide a linear interface to some type of block-oriented serial flash devices. This could contain a small RISC microprocessor and some on-chip ROM and RAM. In this type of circuit, a NAND flash memory chip stores the data and a crystal oscillator provides a clock signal and controls the data output. An LED could indicate data transfer or data reads and writes in some devices.

Typically, these flash drives and similar USB mass storage devices implement a USB mass storage device class, allowing most computer systems to read the device. Most USB flash drives do not use a write-protect mechanism. Some flash drives, however, encrypt data using an encrypted file system, including True Crypt, CryptoBuddy and Private Disk as examples. It is believed there have been some proposals for biometric fingerprinting, but these proposals have not been commercially implemented and the design has been technically complete and expensive.

It should be understood that the large acceptance of USB mass storage devices and flash drives in the PC world, and their use in corporate environments, indicates that the products are becoming ubiquitous for a PC user. These portable devices are USB “plug-and-play” compliant. They are small in size and are often lost with their sensitive information, including sensitive data, keys, or credentials of a user. Additionally, with the proliferation of USB devices, the user may have to connect a multitude of USB products to a user's computer to store information, to authenticate at the computer, network or web page, to pay on-line, or to encrypt sensitive data and verify the integrity of a platform application.

There are proposals to implement smart card technology to USB mass storage devices, but much of the hardware security provided by a smart card chip is limited to its use of the ISO 7816 protocol to communicate with a USB controller. It would be advantageous to incorporate a physical interface such as the USB, low pin count (LPC), Inter Integrated Circuit (I2C), serial peripheral interface (SPI), or other serial or parallel input/output interface such as the InterChip USB with a higher protocol layer not based on ISO 7816-3.

Some USB flash drive devices offer content protection by user name and password access, and use software encryption having a memory partition using a public and secure area. A security token could be made from a USB token, including a custom USB controller, or made from two chips, i.e., a smart card in a USB controller with a smart card reader functionality such as described in U.S. Pat. Nos. 6,748,541 and 6,763,399 to Margalit et al., the disclosures which are hereby incorporated by reference in their entirety. As disclosed generally in these references, a smart card chip can communicate to a USB controller using an ISO 7816 interface and protocol. In other examples, the token could use a USB reader with an ISO 7816 smart card or USB smart card as defined in ISO 7816-12.

Some proposals, such as disclosed in U.S. Patent Publication No. 2002/0073340 published on Jun. 13, 2002, disclose a secure mass storage device having an embedded biometric record that blocks access by disabling plug-and-play configuration. The system can use a thumbprint that is captured and compared to templates to either block the secured drive access or continue initializing the secured drive to allow access. Although some biometric circuit is provided in the disclosure, it may not provide the desired level of trusted authentication.

SUMMARY OF THE INVENTION

It is therefore an object of the present invention to provide a mass storage device that can operate as a USB peripheral with data integrity without using the ISO 7816-3 protocol.

It is still another object of the present invention to provide a mass storage device that can be a trusted USB peripheral having data integrity and provide a user secure authentication and mass storage capability.

A USB mass storage device includes a memory for storing data. A USB interface couples the USB mass storage device to a host computer. A USB controller is operatively connected to the memory and USB interface and operative for transferring mass storage data between the host computer and memory. A biometric circuit provides biometric authentication of a user. A secure controller is operatively connected to the biometric circuit and the USB controller and operative in accordance as a trusted platform. It has a command set to access security functions and trust authentication of a user using the biometric circuit.

In yet another aspect, the secure controller is operatively connected between the biometric circuit and the USB controller. This secure controller can be operative to access security functions performed by logic that complies with the Trusted Computing Group (TCG) specification. The biometric circuit can be formed as one of a capacitance, optical and RF scanner circuit. The memory can be formed as a non-volatile memory such as EEPROM, NVRAM or flash memory.

In yet another aspect of the present invention, a serial communications interface interconnects the USB controller and secure controller and can be formed as one of at least a RS232, I2C, SPI or interchip USB communications link. A serial communications interface can interconnect the secure controller and the biometric circuit.

In yet another aspect of the present invention, a USB mass storage system includes a computer host that includes a USB interface and receives mass storage data through the USB interface and communicates with the USB mass storage device.

BRIEF DESCRIPTION OF THE DRAWINGS

Other objects, features and advantages of the present invention will become apparent from the detailed description of the invention which follows, when considered in light of the accompanying drawings in which:

FIG. 1 is a block diagram showing a typical mass storage device operative as a USB flash drive and showing basic functional components.

FIG. 2 is a block diagram of a USB showing the different data transport mechanisms, pipes and a USB-relevant format of transported data between the host and interconnective physical devices as taught in the universal serial bus specification revision 2.0.

FIG. 3 is a block diagram of a secure USB mass storage device that includes a biometric circuit and secure controller in accordance with a non-limiting example of the present invention.

FIG. 4 is a high-level block diagram of an example of a software stack configuration that can be used in accordance with a non-limiting example of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Different embodiments will now be described more fully hereinafter with reference to the accompanying drawings, in which preferred embodiments are shown. Many different forms can be set forth and described embodiments should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope to those skilled in the art. Like numbers refer to like elements throughout.

In accordance with a non-limiting example of the present invention, the mass storage device is operative as a secure USB mass storage device, for example, a USB flash drive, which integrates several devices into one. The mass storage device has hardware security and a similar level of protection profile as a smart card to secure content. A user can have secure authentication with mass storage capability and operability as a trusted USB peripheral. The mass storage device includes data integrity and does not use the ISO 7816-3 protocol. It has compatibility with the Trusted Platform Module (TPM) as instituted by the Trusted Computing Group (TCG) initiative. The device can include key, credential and password storage into a secure memory in accordance with the standard. The password can be replaced by a biometric sensor.

In one non-limiting example of the present invention, a system has a USB host and a USB peripheral connected one-to-one to each other. The USB host could be a PC host, an embedded PC host, or an embedded USB host in a consumer or telecom application. The USB peripheral could offer several functions, including (a) a USB mass storage class function for storing data of a user, and (b) security functions, for example, storing public, private and symmetric keys, or cryptographic hashing for integrity checking, or digital signing or sealing data to a system state. These functions can be used by security applications running on top of the hardware and software driver.

FIG. 1 shows an example of a typical USB mass storage device system 10 that includes a typical USB peripheral such as a USB mass storage device formed as a USB flash drive in this non-limiting example. It should be understood that the device 12 could be a secure token or other mass storage device. The device 12, in this non-limiting example, includes a housing 14 defining the USB mass storage token or flash drive device and a male type-A USB connector 16 that provides an interface to the USB host computer 18. Other components could include a USB mass storage controller 20 that implements a USB host controller and provides a seamless linear interface to a memory 22 such as typical block-oriented serial flash devices as a flash memory. This USB controller 20 could include a small RISC microprocessor and some on-chip ROM and RAM. The memory 22 could be formed as a NAND flash memory chip that stores data. A crystal oscillator 24 could provide the clock signal to control the device data output such as by using a phase-locked loop. An LED can indicate data transfers or the read and write of data. The USB host 18 as a PC could issue a mass storage command to allow a USB transfer.

It should be understood that although a flash drive is described, the mass storage device could be a USB mass storage token or other mass storage device, including in some embodiments a reconfigured smart card or similar device.

For purposes of background and description, the basic USB data flow between a USB host and a USB device and the various implementations and layers in accordance with the universal serial bus specification 2.0 are set forth in FIG. 2.

As shown in FIG. 2, the connection of a host 110 to a physical device 112 requires the interaction between different layers, i.e., the USB bus interface layer 114, USB device layer 116, and function layer 118. An interconnect 120 between the host and device is illustrated.

The USB bus interface layer 114 includes a USB bus interface circuit 122 and serial interface engine (SIE) 124 at the device 112 that communicates with a serial interface engine (SIE) 126 and its host controller 128 at the host 110 via a physical wire 129. The USB device layer 116 includes at the physical device 112 a collection of endpoints as a USB logical device 130. An endpoint zero 132 is operable in communication via the default pipe 134 to USB system software 136 that is operable for device management at the host 110. The function layer 118 includes at the physical device 112, a logical function 138 as an interface collection, and the interface 140 that communicates via a plurality of pipe bundles 144 to client software 142 that is operable for interface management.

The USB bus interface layer 114 provides the physical wire 129 for the traffic signaling and packet conductivity between the host 110 and physical device 112. The USB device layer 116 views the USB system software 136 to perform generic USB operations with the physical device 112 via the default pipe 134 to endpoint zero 132. The functional layer 118 adds capabilities to the host using matched client software. The USB Device Layer 116 and Function Layer 118 each view logical communications within their layers and use the USB Bus Interface Layer 114 for any data transfer. The USB host 110 coordinates the overall USB system, controls access, and monitors the USB topology.

Logical communications exist between the client software and the Function Layer 118 and the USB system software 136 and USB logical device 130. Actual packets flow between the USB host controller 128 and the USB bus interface circuit 122.

As is known, USB physical devices add functionality to the host and have the same interface. Each physical device carries and reports configuration-related data, which it forwards to the host to allow the host to identify and configure the USB device. Typically, devices on the USB are connected to a host using a tiered star topology, including the hub. The host, on the other hand, communicates with each logical device as if it were directly connected to a root port. The client software manipulates a USB function interface of a device only as an interface of interest.
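As an added illustration (not part of the patent text), the following Python example parses the configuration-related data a device reports, using the standard descriptor layouts from the USB 2.0 specification, and identifies which interface is a Bulk-Only mass storage function. The sample bytes are constructed, and the second, vendor-specific interface standing in for the security functions is an assumption; the patent does not say how that function is exposed to the host.

```python
import struct

# Descriptor type and class codes from the USB 2.0 specification and the
# USB mass storage class documents.
DT_CONFIGURATION, DT_INTERFACE, DT_ENDPOINT = 0x02, 0x04, 0x05
CLASS_MASS_STORAGE, SUBCLASS_SCSI, PROTOCOL_BULK_ONLY = 0x08, 0x06, 0x50
CLASS_NAMES = {0x03: "HID", 0x08: "Mass Storage", 0x0B: "Smart Card",
               0xFF: "Vendor Specific"}
TRANSFER_TYPES = ("control", "isochronous", "bulk", "interrupt")

# Constructed sample (not captured from a real device): one configuration,
# bus powered, 500 mA, with a mass storage interface and a hypothetical
# vendor-specific interface for the security functions.
SAMPLE_CONFIG = bytes.fromhex(
    "0902370002010080fa"      # configuration: wTotalLength=55, 2 interfaces
    "090400000208065000"      # interface 0: class 08 / subclass 06 / proto 50
    "07058102000200"          # endpoint 0x81: bulk IN, 512 bytes
    "07050202000200"          # endpoint 0x02: bulk OUT, 512 bytes
    "0904010002ff000000"      # interface 1: vendor specific (assumption)
    "07058302400000"          # endpoint 0x83: bulk IN, 64 bytes
    "07050402400000"          # endpoint 0x04: bulk OUT, 64 bytes
)


def parse_configuration(blob: bytes) -> dict:
    """Parse a configuration descriptor and the descriptors that follow it.

    Every length field is checked against the data actually received, so a
    truncated or malformed report raises ValueError instead of being read
    past its end.
    """
    if len(blob) < 9 or blob[0] != 9 or blob[1] != DT_CONFIGURATION:
        raise ValueError("not a configuration descriptor")
    total_len, num_if, _value, _string, attrs, max_power = struct.unpack_from(
        "<HBBBBB", blob, 2)
    if total_len < 9 or total_len > len(blob):
        raise ValueError("wTotalLength does not match the data received")
    config = {"max_power_ma": max_power * 2,        # bMaxPower is in 2 mA units
              "self_powered": bool(attrs & 0x40),
              "interfaces": []}
    offset, current = 9, None
    while offset < total_len:
        if offset + 2 > total_len:
            raise ValueError("descriptor header runs past wTotalLength")
        b_length, b_type = blob[offset], blob[offset + 1]
        if b_length < 2 or offset + b_length > total_len:
            raise ValueError(f"bad bLength {b_length} at offset {offset}")
        if b_type == DT_INTERFACE:
            if b_length < 9:
                raise ValueError("interface descriptor too short")
            number, alt, _n_ep, cls, sub, proto = struct.unpack_from(
                "<BBBBBB", blob, offset + 2)
            current = {"number": number, "alternate": alt, "class": cls,
                       "subclass": sub, "protocol": proto,
                       "class_name": CLASS_NAMES.get(cls, f"0x{cls:02x}"),
                       "endpoints": []}
            config["interfaces"].append(current)
        elif b_type == DT_ENDPOINT:
            if b_length < 7 or current is None:
                raise ValueError("endpoint descriptor malformed or orphaned")
            addr, ep_attrs, max_packet = struct.unpack_from(
                "<BBH", blob, offset + 2)
            current["endpoints"].append({
                "address": addr,
                "direction": "IN" if addr & 0x80 else "OUT",
                "type": TRANSFER_TYPES[ep_attrs & 0x03],
                "max_packet": max_packet & 0x07FF})
        # Other descriptor types (class-specific ones, for instance) are skipped.
        offset += b_length
    if len({i["number"] for i in config["interfaces"]}) != num_if:
        raise ValueError("bNumInterfaces disagrees with the descriptors present")
    return config


def is_bulk_only_mass_storage(iface: dict) -> bool:
    """True for a SCSI transparent, Bulk-Only interface with both bulk pipes."""
    triple = (iface["class"], iface["subclass"], iface["protocol"])
    directions = {ep["direction"] for ep in iface["endpoints"]
                  if ep["type"] == "bulk"}
    return (triple == (CLASS_MASS_STORAGE, SUBCLASS_SCSI, PROTOCOL_BULK_ONLY)
            and directions == {"IN", "OUT"})


if __name__ == "__main__":
    for iface in parse_configuration(SAMPLE_CONFIG)["interfaces"]:
        print(iface["number"], iface["class_name"],
              "bulk-only mass storage" if is_bulk_only_mass_storage(iface)
              else "other function")
```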

It should be understood that the actual communication flows across several interface boundaries. The two software interfaces for the host are a host controller driver (HCD) and a USB driver (USBD). A software interface between a USB host controller 178 and USB system software 176 implements the host controller driver and allows the host controller to implement functions without requiring the host software to be dependent on any particular implementation. One USB driver can support different host controllers. Specific knowledge of a host controller implementation is not required.

The USB logical device 130 can be considered a collection of endpoints and are grouped into endpoint sets to implement the interface. The USB system software 136 manages or controls the device using the default pipe 134 to the endpoint zero 132. Client software 142 manages the interface using pipe bundles 144 associated with an endpoint set. Data is moved between a buffer on the host 110 and an endpoint on the USB device 112 when client software requests the data. The host controller 128 or USB device 112, depending on the direction of data transfer, packetizes the data and forwards the packets over the bus. It also coordinates bus access. The host communicates with the physical device using a desired communication that is designed to match any communication requirements of the physical device and transfer characteristics provided by a USB.

The endpoint is an identifiable portion of the device that terminates the communication between the host. It can be a collection of independent endpoints. Default control uses input and output endpoints and the endpoint number “zero” as part of the default pipe 134.

The data transport mechanism includes transfers of data between the host controller 128 and the USB system software 136 at the host 110. Buffers can be used as a data transport mechanism between the USB system software 136 and the client software 142 at the host 110. The other data transport mechanism includes transactions between the host controller 128 and the serial interface engine 126 within the USB bus interface of the host.

The data transport mechanism also exists as a data per endpoint between the USB bus interface circuit 122 and the USB logical device 130 at the physical device 112. The data transport mechanism between the function 138 (and with the interface 140) and the endpoint zero 132 is interface-specific.

USB-relevant format of transported data occurs as USB frame data between the serial interface engine 126 and the host controller 128 and between the host controller 128 and the USB system software 136 at the host 110. No USB format for transporting data exists between the client software 142 that manages an interface and the USB system software 136.

At the device 112, USB-relevant format of transported data exists as USB frame data between the USB bus interface circuit 122 and the USB logical device 130. No USB format of data occurs between the interface 140 and the endpoint zero 32 at the device 112.

Further details of the functioning of the USB host and device and data flow can be found in the Universal Serial Bus Specification Revision 2.0, including Chapter 5 entitled “USB Dataflow Model,” the disclosure for the entire Specification Revision 2.0 which is hereby incorporated by reference in its entirety.

FIG. 3 is a block diagram of a mass storage device 200, in accordance with a non-limiting example of the present invention. It is illustrated as a USB peripheral and configured as a USB mass storage device, for example, formed as a USB flash drive or other type of USB mass storage token and operative with a USB host software stack 202. This type of USB mass storage device 200 includes security with a secure controller and biometric circuit, such as a fingerprint sensor, to form a secure, USB mass storage device as will be explained below. The secure controller could be a microcontroller or microprocessor and the term controller can be used for both.

As illustrated, the basic components of this USB peripheral 200 include a USB device controller 204, i.e., a USB controller in this non-limiting example. The USB controller 204 interfaces with a USB interface 205 and communicates with the USB host via the USB protocol and provides a serial and parallel interface communicating to a non-volatile memory 206, for example, an EEPROM, NVRAM or flash memory. Communication can be via the protocol required by a selected type of memory and a serial interface communicating to a secure controller 208, for example, a microcontroller or microprocessor as a Trusted Platform Module (TPM) product via a communications interface 210, such as SPI, I2C, LPC or USB, in case of an interchip USB (chip-to-chip) if the system architecture allows it. It should be understood that an RS232 connection could also be used.

The secure controller 208 can provide an optional secondary serial interface 212 communicating to a biometric circuit 214 as a separate subsystem that includes a biometric sensor, for example, fingerprint sensor 218, and a biometric processor 216, for example, operative as a coprocessor, which securely stores a biometric template into the USB peripheral to authenticate a user. This biometric circuit 214 can allow biometric authentication of a user to the mass storage device 200, while the secure controller 208 allows trusting of the authentication.

In this non-limiting example, the secure controller 208 allows a TPM command to access security functions. An SPI interface as a serial peripheral interface and its related protocol have been found advantageous for use between the USB controller 204 and the secure controller 208. The non-volatile memory 206 can be a flash memory type NAND, as known by those skilled in the art. The biometric circuit 214 has a coprocessor 216 that is operative with the finger sensor 218 or other sensor receiving section typically positioned on an outer housing 220 forming the USB mass storage device (or peripheral) as illustrated.

The secure controller 208 as a TPM can store keys, passwords, and digital certificates and could be affixed to any support or board positioned within the housing 220 defining the mass storage device 200. The secure controller 208 can also protect and authenticate user passwords. The secure controller typically acts as a “slave” to higher level services and applications by storing and reporting pre-run time configuration information in some non-limiting examples. Typically, the secure controller can use a low pin count (LPC) bus interface and provide crypto capabilities. A hardware engine can perform up to 2,048 bit RSA encryption/decryption. It can use a built-in hash engine to compute hash values or small pieces of data. It can also use a random number generator to generate keys for various purposes.

An endorsement key can be used as a public/private key pair of about 2,048 bits and could be unique to a particular TPM and platform. The attestation identity key (AIK) can authenticate a service provider. Different certificates can be used and stored, including an endorsement certificate, platform certificate and conformance certificate. The endorsement certificate can contain the public key of the endorsement key and provide attestation that a particular “TPM” is genuine and the endorsement key is protected. Platform certification can be provided by a platform vendor and provide attestation that the security components of a platform are genuine. A conformance certificate can be provided by a platform vendor or an evaluation laboratory.

The TPM secure controller can access any TCPA software stack (TSS) using a TPM device driver library. A TSS uses modules and components to support functionality to the TPM. The TSS can off load security function to a CPU. The TPM can encrypt data using a one-time symmetric key that can be protected by TPM.

It should be understood that the biometric subsystem can include many different types of biometric systems. The illustrated fingerprint sensor (or scanner) is a preferred design in this non-limiting example. It is possible to use many different types of biometric circuits that can sense or scan physical characteristics, for example, the face, fingerprints, irises or veins. Alternatively, the biometric circuits can sense or scan behavioral characteristics, including voice, handwriting or typing rhythm depending on the size of the housing used with the mass storage device and whether it can support such sensor pad or circuit. For example, it is possible not only to analyze a letter in a handwriting detection system, but it is also possible to analyze the act of writing, such as pressure, speed and rhythm with which one writes an initial or name on a sensor pad. Accuracy can be determined by a False Accept Rate (FAR), False Reject Rate (FRR), Failure To Enroll Rate (FTE) and Failure To Acquire Rate (FTA).
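As an added illustration (not part of the patent text), the following Python example computes FAR, FRR and FTA for a matcher from labelled comparison attempts and finds the lowest decision threshold that keeps FAR within a target, which shows how tightening FAR raises FRR. The score scale (0 to 100, higher meaning a closer match), the `None` marker for a failed acquisition and all sample values are assumptions constructed for the example.

```python
# Constructed sample scores: each entry is one verification attempt.
# None means the sensor failed to acquire a usable sample (counts toward FTA).
GENUINE = [91, 88, 79, 95, 62, 84, None, 90, 73, 86]            # enrolled user
IMPOSTOR = [12, 35, 41, 8, 55, 27, 66, 19, None, 30, 48, 22]    # other people


def error_rates(genuine, impostor, threshold):
    """Return FAR, FRR and FTA for one decision threshold.

    An attempt is accepted when its score is >= threshold.
    FAR = accepted impostor attempts / acquired impostor attempts
    FRR = rejected genuine attempts  / acquired genuine attempts
    FTA = attempts with no usable sample / all attempts
    """
    attempts = list(genuine) + list(impostor)
    acquired_genuine = [s for s in genuine if s is not None]
    acquired_impostor = [s for s in impostor if s is not None]
    if not acquired_genuine or not acquired_impostor:
        raise ValueError("need at least one acquired sample of each kind")
    return {
        "far": sum(s >= threshold for s in acquired_impostor) / len(acquired_impostor),
        "frr": sum(s < threshold for s in acquired_genuine) / len(acquired_genuine),
        "fta": sum(s is None for s in attempts) / len(attempts),
    }


def lowest_threshold_for_far(genuine, impostor, max_far, thresholds=range(0, 101)):
    """Pick the lowest threshold whose FAR does not exceed max_far.

    The lowest qualifying threshold gives the smallest FRR for that FAR
    target, because FRR can only grow as the threshold rises.
    """
    for threshold in thresholds:
        rates = error_rates(genuine, impostor, threshold)
        if rates["far"] <= max_far:
            return threshold, rates
    raise ValueError("no threshold in range meets the FAR target")


if __name__ == "__main__":
    for target in (0.10, 0.0):
        threshold, rates = lowest_threshold_for_far(GENUINE, IMPOSTOR, target)
        print(f"FAR target {target:.2f}: threshold {threshold}, "
              f"FAR {rates['far']:.3f}, FRR {rates['frr']:.3f}, "
              f"FTA {rates['fta']:.3f}")
```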

It is possible to use some systems that have a voice print recognition system, such that wave patterns can be memorized and sound spectrograms used for identity detection. Voice print recognitions could also be used. It is also possible to use layered systems that combine biometrics with a keycard or Personal Identification Number (PIN) and systems that combine multiple biometric methods, including an iris scanner, a voice print system or fingerprint sensor. Iris scanning is possible and is typically not the same as retinal scans in which a picture of the blood vessel structure in the back of the eye is scanned. It is possible to use vein geometry in which a camera takes a digital picture of a vein structure in, for example, a hand, using near-infrared light.

The preferred fingerprint sensor or scanner would obtain an image of a finger and determine whether any pattern of ridges and valleys in the image matches the pattern of ridges and valleys in a prescan image. Optical scanning and capacitance scanning could be used. The optical scanners would typically include a Charge Coupled Device (CCD) with its own light source and an array of light emitting diodes. Capacitance scanners use a tiny array of cells that include conductor plates covered with insulating layers or other similar systems in some non-limiting examples. Feedback loops could be used in such systems. It is also possible to use RF signals to detect a fingerprint ridge and valley pattern, where a fingerprint pattern can be read from the conductive layer of skin beneath the dry outer surface skin layer. Pixel sensor plates could be operative with an excitation signal reference plane in a semiconductor substrate having sense amplifiers that are output. The templates would be stored as part of the biometric circuit 214.

FIG. 4 shows a software stack 300 with a top level depicted as PC applications 302 operative with the TSS 304 and a windows file system (FS) services 306 as part of the flash system and memory, and operative with a mass storage class driver 308. The USB controller 310 is operative as a mass storage class driver and operative with the secure micro TPM 312 and the biometric subsystem 314. The USB controller as a mass storage device class is also operative with non-volatile memory such as 32 megabytes to one gigabyte.

It should be understood that the TSS software specification can provide a standard application programming interface for accessing functions of the TPM. A USB firmware library can also be included.

Many modifications and other embodiments of the invention will come to the mind of one skilled in the art having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is understood that the invention is not to be limited to the specific embodiments disclosed, and that modifications and embodiments are intended to be included within the scope of the appended claims.

1. A USB mass storage device, comprising: a memory for storing data; a USB interface for coupling the USB mass storage device to a host computer; a USB controller operatively connected to said memory and USB interface and operative for transferring mass storage data between the host computer and memory; a biometric circuit that provides biometric authentication of a user; and a secure controller operatively connected to said biometric circuit and said USB controller and operative in accordance as a trusted platform and having a command set to access security functions and trust authentication of a user using the biometric circuit.
2. A USB mass storage device according to claim 1, wherein said secure controller is operatively connected between said biometric circuit and said USB controller.
3. A USB mass storage device according to claim 1, wherein said secure controller is operative to access security functions performed by logic that complies with the Trusted Computing Group (TCG) specification.
4. A USB mass storage device according to claim 1, wherein said biometric circuit comprises one of a capacitance, optical and RF scanner circuit.
5. A USB mass storage device according to claim 1, wherein said memory comprises a nonvolatile memory.
6. A USB mass storage device according to claim 5, wherein said nonvolatile memory comprises an EEPROM, NVRAM or Flash memory.
7. A USB mass storage device according to claim 1, and further comprising a serial communications interface interconnecting said USB controller and said secure controller.
8. A USB mass storage device according to claim 7, wherein said serial communications interface comprises one of at least a RS232, I2C, SPI or interchip USB communications link.
9. A USB mass storage device according to claim 1, and further comprising a serial communications interface interconnecting said secure controller and said biometric circuit.
10. A USB mass storage device according to claim 9, wherein said serial communications interface comprises a SPI or interchip USB communications link.
11. A USB mass storage system, comprising: a computer host that includes a USB interface and receives mass storage data through the USB interface; and a USB mass storage device, comprising, a memory for storing data; a USB interface for coupling the USB mass storage device to the USB interface of the host computer; a USB controller operatively connected to said memory and USB interface and operative for transferring mass storage data between the host computer and the memory; a biometric circuit that provides biometric authentication of a user; and a secure controller operatively connected to said biometric circuit and said USB controller and operative in accordance as a trusted platform and having a command set to access security functions and trust authentication of a user using the biometric circuit.
12. A USB mass storage system according to claim 11, wherein said secure controller is operatively connected between said biometric circuit and said USB controller.
13. A USB mass storage system according to claim 11, wherein said secure controller is operative to access security functions performed by logic that complies with the Trusted Computing Group (TCG) specification.
14. A USB mass storage system according to claim 11, wherein said biometric circuit comprises one of a capacitance, optical and RF scanner circuit.
15. A USB mass storage system according to claim 11, wherein said memory comprises a nonvolatile memory.
16. A USB mass storage system according to claim 15, wherein said nonvolatile memory comprises an EEPROM, NVRAM or Flash memory.
17. A USB mass storage system according to claim 11, and further comprising a serial communications interface interconnecting said USB controller and said secure controller.
18. A USB mass storage system according to claim 17, wherein said serial communications interface comprises one of at least a RS232, I2C, SPI or interchip USB communications link.
19. A USB mass storage system according to claim 11, and further comprising a serial communications interface interconnecting said secure controller and said biometric circuit.
20. A USB mass storage system according to claim 19, wherein said serial communications interface comprises a SPI or interchip USB communications link.
21. A method for securing an external USB mass storage device, which comprises: storing data within a memory of the USB mass storage device; transferring mass storage data between the memory and host via a USB controller operative with a USB interface; authenticating a user using a biometric circuit; and accessing security functions and trusting authentication of the user using a secure controller.
22. A method according to claim 21, which further comprises accessing security functions by logic that complies with the Trusted Computing Group (TCG) specification.
23. A method according to claim 21, which further comprises communicating between the USB controller and the secure controller through a serial communications interface.
24. A method according to claim 21, which further comprises communicating between the secure controller and the biometric circuit through a serial communications interface.
25. A method according to claim 21, which further comprises authenticating a user using one of a capacitance, optical and RF scanner circuit.